Re: Non-repudiation (was RE: The PAIN mnemonic)

2003-12-30 Thread Amir Herzberg
At 18:02 29/12/2003, Ben Laurie wrote: Amir Herzberg wrote: ... specifications, I use `non-repudiation` terms for some of the requirements. For example, the intuitive phrasing of the Non-Repudiation of Origin (NRO) requirement is: if any party outputs an evidence evid s.t. valid(agreement,

Re: example: secure computing kernel needed

2003-12-30 Thread Amir Herzberg
At 04:20 30/12/2003, David Wagner wrote: Ed Reed wrote: There are many business uses for such things, like checking to see if locked down kiosk computers have been modified (either hardware or software), I'm a bit puzzled why you'd settle for detecting changes when you can prevent them. Any

Re: Difference between TCPA-Hardware and a smart card (was: example: secure computing kernel needed)

2003-12-30 Thread Jerrold Leichter
| Rick Wash wrote: | There are many legitimate uses of remote attestation that I would like to | see. For example, as a sysadmin, I'd love to be able to verify that my | servers are running the appropriate software before I trust them to access | my files for me. Remote attestation is a good

Re: [camram-spam] Re: Microsoft publicly announces Penny Black PoW postage project

2003-12-30 Thread Eric S. Johansson
Scott Nelson wrote: d*b --- s where: d = stamp delay in seconds s = spam size in bytes b = bandwidth in bytes per second I don't understand this equation at all. It's the rate limiting factor that counts, not a combination of stamp speed + bandwidth. well, stamp speed is method of

Re: [camram-spam] Re: Microsoft publicly announces Penny Black PoW postage project

2003-12-30 Thread Alan Brown
On Tue, 30 Dec 2003, Eric S. Johansson wrote: But using your spam size, , the slowdown factor becomes roughly 73 times. So they would need 73 machines running full tilt all the time to regain their old throughput. Believe me, the professionals have enough 0wned machines that this is

Electronic-voting firm reveals hacker break-in

2003-12-30 Thread R. A. Hettinga
http://seattletimes.nwsource.com/cgi-bin/PrintStory.pl?document_id=2001825724zsection_id=268448455slug=votehere300date=20031230 Tuesday, December 30, 2003, 12:00 A.M. Pacific The Seattle Times: Electronic-voting firm reveals hacker break-in By Monica Soto Ouchi Seattle Times technology reporter

why penny black etc. are not very useful

2003-12-30 Thread Perry E. Metzger
In my opinion, the various hashcash-to-stop-spam style schemes are not very useful, because spammers now routinely use automation to break into vast numbers of home computers and use them to send their spam. They're not paying for CPU time or other resources, so they won't care if it takes more

[ISN] Oh Dan Geer, where art thou?

2003-12-30 Thread R. A. Hettinga
--- begin forwarded text Date: Tue, 30 Dec 2003 09:30:58 -0600 (CST) From: InfoSec News [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [ISN] Oh Dan Geer, where art thou? Sender: [EMAIL PROTECTED] Reply-To: InfoSec News [EMAIL PROTECTED] Status:

Re: [camram-spam] Re: Microsoft publicly announces Penny Black PoW postage project

2003-12-30 Thread Jerrold Leichter
(The use of memory speed leads to an interesting notion: Functions that are designed to be differentially expensive on different kinds of fielded hardware. On a theoretical basis, of course, all hardware is interchangeable; but in practice, something differentially expensive to calculate on an

Re: [camram-spam] Re: Microsoft publicly announces Penny Black PoW postage project

2003-12-30 Thread Richard Clayton
On Tue, 30 Dec 2003, Eric S. Johansson wrote: But using your spam size, , the slowdown factor becomes roughly 73 times. So they would need 73 machines running full tilt all the time to regain their old throughput. Believe me, the professionals have enough 0wned machines that this is